diff options
| author | Damien Miller <djm@mindrot.org> | 2008-05-19 15:34:50 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2008-05-19 15:34:50 +1000 |
| commit | 7207f64a23a49a719aad3083c068f50e5034ccb8 (patch) | |
| tree | 7ce6e49ae0713fad145ea9feb0181ec4d250ed75 /monitor_wrap.c | |
| parent | 9417831eced03242e283e30286ac06ca2ce6d83e (diff) | |
- djm@cvs.openbsd.org 2008/05/08 12:21:16
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
[sshd_config sshd_config.5]
Make the maximum number of sessions run-time controllable via
a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allows multiplexed sessions.
Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of than exiting with fatal().
bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
ok markus@
Diffstat (limited to 'monitor_wrap.c')
| -rw-r--r-- | monitor_wrap.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index 72fd5c83c..e65fb1279 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor_wrap.c,v 1.61 2008/05/08 12:02:23 djm Exp $ */ | 1 | /* $OpenBSD: monitor_wrap.c,v 1.62 2008/05/08 12:21:16 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -666,7 +666,20 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) | |||
| 666 | { | 666 | { |
| 667 | Buffer m; | 667 | Buffer m; |
| 668 | char *p, *msg; | 668 | char *p, *msg; |
| 669 | int success = 0; | 669 | int success = 0, tmp1 = -1, tmp2 = -1; |
| 670 | |||
| 671 | /* Kludge: ensure there are fds free to receive the pty/tty */ | ||
| 672 | if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || | ||
| 673 | (tmp2 = dup(pmonitor->m_recvfd)) == -1) { | ||
| 674 | error("%s: cannot allocate fds for pty", __func__); | ||
| 675 | if (tmp1 > 0) | ||
| 676 | close(tmp1); | ||
| 677 | if (tmp2 > 0) | ||
| 678 | close(tmp2); | ||
| 679 | return 0; | ||
| 680 | } | ||
| 681 | close(tmp1); | ||
| 682 | close(tmp2); | ||
| 670 | 683 | ||
| 671 | buffer_init(&m); | 684 | buffer_init(&m); |
| 672 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m); | 685 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m); |
| @@ -711,8 +724,9 @@ mm_session_pty_cleanup2(Session *s) | |||
| 711 | buffer_free(&m); | 724 | buffer_free(&m); |
| 712 | 725 | ||
| 713 | /* closed dup'ed master */ | 726 | /* closed dup'ed master */ |
| 714 | if (close(s->ptymaster) < 0) | 727 | if (s->ptymaster != -1 && close(s->ptymaster) < 0) |
| 715 | error("close(s->ptymaster): %s", strerror(errno)); | 728 | error("close(s->ptymaster/%d): %s", |
| 729 | s->ptymaster, strerror(errno)); | ||
| 716 | 730 | ||
| 717 | /* unlink pty from session */ | 731 | /* unlink pty from session */ |
| 718 | s->ttyfd = -1; | 732 | s->ttyfd = -1; |